Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:mediawiki:mediawiki:1.18.3:*:*:*:*:*:*:*
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2013-2032 |
MediaWiki before 1.19.6 and 1.20.x before 1.20.5 does not allow extensions to prevent password changes without using both Special:PasswordReset and Special:ChangePassword, which allows remote attackers to bypass the intended restrictions of an extension that only implements one of these blocks. Published: November 17, 2013; 9:55:07 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2013-2031 |
MediaWiki before 1.19.6 and 1.20.x before 1.20.5 allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a CDATA section containing valid UTF-7 encoded sequences in a SVG file, which is then incorrectly interpreted as UTF-8 by Chrome and Firefox. Published: November 17, 2013; 9:55:07 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2012-2698 |
Cross-site scripting (XSS) vulnerability in the outputPage function in includes/SkinTemplate.php in MediaWiki before 1.17.5, 1.18.x before 1.18.4, and 1.19.x before 1.19.1 allows remote attackers to inject arbitrary web script or HTML via the uselang parameter to index.php/Main_page. Published: June 29, 2012; 3:55:05 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |